Application and Threat Intelligence (ATI) Blog

When you spend time on your mobile phone, you use dozens of different applications: Facebook, Netflix, email, YouTube, and more. And behind the scenes your carrier is registering and authenticating your device on the network, establishing HTTP, Android App Store, and other connections over bearer channels while blocking malicious attacks. THIS is the reality of mobile traffic today, and it can be a challenge. So when I was surfing around on my iPhone the other morning I was thrilled to see a new mobile security test, “Crossbeam and Spirent Partner to Define Real-World Security Test Methodology for Mobile Network Operators.”...

During the last two weeks of the year we are recapping some of the most popular topics covered on the blog during 2011. So far we have reviewed mobility testing, security research, DDoS, and now today, cyber range deployment. Cyber ranges are critical tools used to recreate cyber war conditions in order to harden IT infrastructure, train cyber warriors, and perform cutting-edge cyber security research.

During these last two weeks of the year we are recapping some of the most popular topics covered on the blog during 2011. Today we take a look at network security testing and blog posts that detailed some of the very latest in security research. The threat landscape continues to shift radically because we have to worry about more sophisticated attacks, evolved use of vulnerabilities, and an expanded target with the growth in mobile malware. This made for some very interesting blog posts.

Throughout the next two weeks we are recapping some of the most important topics covered on the blog during 2011. Today we take a look at the very latest DDoS attacks and how to test that your infrastructure can survive these threats. Below you can read about new application-layer DDoS attacks, how Korea Telecom hardened its infrastructure against these attacks, building a SIP INVITE flood, and much more.

Throughout the next two weeks we will be recapping some of the most important topics covered on the blog during 2011. Today we take a look at mobility testing, specifically the importance of massive-scale LTE testing. As we all know, telecom carriers are aggressively rolling out Long Term Evolution (LTE) or 4G networks. These promise increased performance for the end user but of course provide new challenges for equipment manufacturers and service providers.

During the recent Cloud Security Alliance Congress, BreakingPoint's Scott Register presented on how to enhance functional testing prior to deploying a cloud infrastructure. Scott also addressed the audience’s challenges and perceptions of it being too costly to scale load to reflect their actual traffic. As Scott demonstrated live, functional load testing alone is not sufficient, and companies must understand how their infrastructure will perform under real world conditions in order to optimize and validate the performance and security of their cloud roll-out.

The Illinois Statewide Terrorism and Intelligence Center (STIC) recently published an official report stating that a hacker had attacked the IT infrastructure of a city water utility in Springfield, Ill. The report also concluded that this cyber attack had left a water pump inoperable. This news, of course, was covered by several media outlets including Wired and threatpost, and became a large news story since it is not only the first reported foreign cyber attack on U.S. critical infrastructure, but it also physically disabled infrastructure equipment.

“Cyber warfare training” is emerging as a new military discipline, and according to a recent article from Defense Systems, the U.S. military has now made cyber security education and conditioning mandatory during basic training. Cyber warfare training is done in various ways, from in-depth classroom studies, to live exercises using federated cyber ranges, similar to the one deployed by our customer Northrop Grumman. It has become obvious that nation states and military organizations must prepare themselves and train their personnel to recognize, prevent and combat cyber attacks.